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The present invention consists of a secure interactive electronic account statement delivery system suitable for use-bver'^open'-hetworks 
such as the Internet. The invention utilizes a certification hierarchy to insure that electronic bills, invoices, and other account statements 
can be securely sent over open networks. The participants in the system are a cenification authority, certificated banks, billcrs, and 
customers. The certification authority grants digital certificates to the certificated banks, which in turn grant digital certificates to billcrs 
and customers. Digital certificates form the basis for encryption and authentication of network communications, using public and private 
keys. The certificates associate a customer and biller with a certificated bank and with the electronic billing system, much like payment 
cards associate a customer with a payment card issuer and a particular payment card system. 
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SECURE INTERACTIVE ELECTRONIC ACCOUNT STATEMENT DELIVERV 

SYSTEM 

FIELD OF THE INVENTION 

The present invention relates to the field of electronic billing and paying systems. 
More particularly, the present invention relates to a secure interactive electronic statement 
delivery system suitable for use on open networks such as the Internet. 

BACKGROUND ART 

Every month, millions of customers receive bills and other account statements from 
utilities, banks, stores, credit card companies, insurance companies, and other service 
providers. Almost all of these account statements are sent by mail. 

A typical bill includes four primary components: 

1. Summary information. Typically includes an amount due, a due date, a 
custdmer account number, a statement issuer (biller) name and address. The summary ~ 
information is often printed on a detachable reminance stub that is intended to be returned 
by the customer with a check for payment. 

2. A pre-addressed return envelope. 

3. Detailed invoice of charges. Typically includes a detailed listing of the 
charges accrued. For example, if the account statement is a telephone company bill, the 
detailed invoice will list details of each toll call. The detailed infonnation may include 
legally mandated information, particularly if the statement issuer is a public utility. For 
example, an electric company may be required to list monthly or yearly comparisons of a 
customer's energy use. The content and format of such legally mandated information may 
vary from one legal jurisdiction (town, county, state) to another. 

4. Marketing materials. Statement issuers typically include information such as 
newsletters announcing new products or services, and often also include third party 
advertising pieces. 



1 



wo 98/26386 

PCT/US97/23025 

A customer typically pays- a bill by writing a check for the amount due, placing the 
check and the remittance stub in the return envelope, sealing and stamping the envelope. 

and placing it in the mail. 

For every bill received and paid by a customer, a billing institution (biller) has to 
. perform numerous paper handling tasks. First the biller has to generate the bill and mail it 
to the customer. The bill generation process involves retrieving billing data for a customer 
fom^attrng the billing data in the legally prescribed manner, printing.each customer's bill 
Placmg the bill and other included materials in an envelope, and mailing the envelope to 
the customer. The biller also has to process the payment remittance received. Remittance 
processing involves opening envelopes, identifying the customer's account, extracting the 
check, and presenting the check for payment. Given the large volume of bills sent out and 
payments received each month, the paper handling involved is a massive and expensive 
undertaking. 

. . . . '^'"°"^'y'^^"'^^^.^^.!!".P'^^^^^^ handling involved in bill 

paying and remittance processing. For example, there exist electronic bill payment service 
bureaus that allow customers to electronically pay their bills via a home computer or 
telephone. However, although use of these bureaus make bill paying more convenient for 
customers, they make remittance processing more expensive for billers because the 
payments forwarded to the biller by the bureau are exception items for many billers. When 
using a bill payment service, a customer directs the service bureau to make payments to the 
biller. As a result, the remittance is not presented to the biller in the usual way, i.e.. a check 
with the biller's remittance stub in a single envelope. Instead, the biller receives payment 
without the remittance stub, from the service bureau. The payment itself, depending on the 
practice used by the service bureau, may take a number of forms. The biller may receive a 
check printed by the service bureau drawn on the customer's bank account containing the 
customer's account number with the biller and MICR (Magnetic Ink Character 
Recognition) data encoding the customer's bank account number. Alternatively, the service 
bureau may consolidate payments from several customers to a biller into a single payment. 
.1" .^h!sca?e, the, .biller receives, one payment and a.Jist of-customers^Wht^se-bills have been:- . 
aggregated into the single payment. In another automatic bill payment system, a customer 
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pre-authorizes a biller to automatically deduct amounts due from the customer's bank 
account using the Automated Clearing House ("ACH"). In this case, the biller must comply 
with ACH procedures for validating and obtaining payments. 

U.S. Patent No. 5,465,206, issued November 7,1995, for "Electronic Bill Pay 
5 System", assigned to the assignee of the present invention and incorporated herein by 
reference, discloses a bill pay system- that allows customers to pay bills to panicipating 
billers through a centralized payment network operating according to preset rules. The 
participating customers receive bills from participating billers which indicate an amount 
owed and a unique biller identification number, which is assigned by the payment network. 

10 The bills may be mailed bills, e-mail notices, or implied bills for automatic debts. To 
authorize a remittance, a customer transmits to its bank, which is a participating bank, a 
bill pay order indicating a payment date, a payment amount, the customer's account 
number with the biller, a source of funds, and the biller's biller identification number. The 
customer's bank then submits a payment message to a payment network. The payment 

15 network forwards' the payment message to the biller's bank: For settlemehtrthe customer's 
bank debits the customer's account and is obligated to a net position with the payment 
network. Likewise, the biller's bank receives a net position from the payment network and 
credits the biller's bank account. The biller receives payment details from the biller's bank, 
or alternatively directly from the payment network, and updates its accounts receivable 

20 records. The customer initiates bill pay orders manually via paper correspondence, at an 
ATM, via PC, or via telephone keypad. 

Prior art systems have primarily addressed the bill payment portion of customer bill 
processing. The bill generation and presentation portion of customer bill processing has not 
yet been satisfactorily addressed. U.S. Patent No. 5,465.206 suggests that bills may be sent 
25 electronically by e-mail, but does not elaborate. U.S. Patent No. 5,007,084 for "Payment 
Authorization and Information Device", issued April 9, 1991, describes a home terminal 
for receiving and printing out billing information. The billing data is simple text data 
received by the customer via an encoded signal broadcast by a centralized invoice 
distribution center during vertical blanking intervals of a television broadcast or via 
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telephone lines and a modem. A special device is used to decode and print out a hard copy 
of the received text. The same device can be used to pay the bill electronically. 

The electronic bills delivered by these systems consist of simple text messages. As 
such, the electronic bills cannot deliver the same variety of infomiation and materials as, 
and are therefore a poor substitute for, traditional mailed paper bills. Furthermore, these 
systems require the use of a speciali2ed....centrali2ed distribution network and/or special 
equipment. 

Security is an issue for messages and other data transmitted over open networks 
such as the Internet. Encr>'ption is one mechanism that can improve the security of 
transmitted communications. Two well known types of encryption are secret key 
encryption and public key encr>'ption. 

Secret key encryption is a symmetric form of encryption in which the same key is 
used to encrypt and decrj'pt messages. To encrypt a message, the message and the secret 
key are supplied.to a software enciyptibn pj-ograrii' thatlransf« means of ' 

an encryption routine that uses the secret key and the message as an input. The original 
message can only be obtained from the encrypted message by applying a reverse 
decryption process which transforms the encrypted message by means of a decryption 
routine that uses the encrypted message and the secret key as an input. Because the same 
secret key is used for encrj-piion and decr>'ptipn, both the sender and the recipient of the 
encrypted message must have a copy of the secret key. The security of secret key 
encryption can therefore be compromised by either the sender or the recipient. 

Public key encryption is an asymmetric form of encryption that uses a two-key pair, 
typically referred to as a public key and a private key. In public key encryption, messages 
encrypted with either one of the public and private keys can only be decrypted using the 
other key. For example, a message encrypted with the public key can only be decrypted 
using the private key. Conversely, a message encrypted with the private key can only be 
decrypted using the public key. 
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The terms "public'^ key and "private" key stem from the manner in which public 
key encryption is often used. A party concerned about security of its incoming 
communications generates its public and private keys. It keeps its private key secret, but 
freely distributes its public key. Any party wishing to send a confidential message to the 
5 party that generated the keys can encrypt its message using tlie freely available public key. 
Since the message can then bnly be decrypted using the private key, which the receiving 
party keeps in its sole possession, the sending party can be assured that only the receiving 
party will be able to decode the encrypted message. 

Another security mechanism that can be used in conjunction with public key 
10 encryption is a digital signature. The purpose of a digital signature is to confirm to the 
recipient that a message that is sent has in fact originated with the purported sender. 

One form of digital signature uses a message digest. A message digest is a value 
that is generated when the message is passed through a digesting program, which may be a 
hashing routine. An ideal- digesting program is one for -which -the probability of two 

15 different messages generating the same message digest is extremely low. In this form of 
digital signature, both the sender and the recipient need to know which digesting program 
is being used. The sender generates the message, and generates a message digest by 
passing the message through the digesting program. The sender encrypts the message 
digest with the sender's private key. The result of this encryption then becomes the digital 

20 signature which the sender appends to a message just as a holographic signature would be 
added to a paper document. Finally, the sender encrypts the entire package with the 
recipient's public key, and sends the encrypted package to the recipient. 

The recipient receives the encrypted package and decrypts it using the recipient's 
private key to obtain the message and message digest encrypted with the sender's private 
25 key. Next, the sender decrypts the message digest using the sender's public key. The 
recipient then runs the message, minus message digest, through the digesting program and 
compares the message digest so obtained to the message digest included in the message. If 
they are both the same, the recipje;nt is ensured that the message indeed originated with the 
sender and that it has not been changed enroute. 
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To send an account statement such as a bill to a customer in one embodiment of the 
present invention, the biller and the customer must each have a valid certificate, typically 
issued by a certificated bank. The biller must know the e-mail address of the customer, as 
well as the customer's public key. this information may be obtained, for example, from "the 
certification authority, which maintains a file or directory of customer public keys and e- 
mail addresses, as well as a file or directory of biller public keys and e-mail addresses. The 
biller sends an e-mail message signed with the biller's digital signature and encrypted using 
the customer's public key (or using a session key which is encrypted with the customer's 
public key) to the customer's e-mail address. In one embodiment, the biller includes a copy 
of the biller's certificate with the e-mail message. In another embodiment, the customer 
obtains the biller's certificate from a directory maintained by a certification authority or 
from local storage (if the customer previously obtained the biller's certificate). When the 
customer retrieves the e-mail message, for example using a home computer, software in. the 
customer's computer decrypts the message using the customer's private key, or using the 
-session=.key..decrypted\_using ;.the.,custoriier's--privat^ and j^'erifies that the e-mail 
message is a bona-fide message from a certificated biller by verifying the biller's certificate 
and digital signature. Since only the customer has access to the customer's private key, 
only the customer can decrypt and read the e-mail bill. The present invention thus provides 
a level of privacy and security that is at least as great as using regular mail. 

The e-mail message itself may be a simple-text message containing the equivalent 
of summary information for the bill, or may be a more elaborate bill containing detailed 
text and graphics. However, the bill delivery system of the present invention allows the 
creation of much more elaborate bills. In one embodiment of the invention, the e-mail 
message contains a number of embedded links: for example, an embedded URL of a 
billei^'s world wide web server that allows the customer to interactively bring up detailed 
billing information at a touch of an bn-screen button that activates the link. The e-mail 
message may also include links to third party web sites offering special product promotions 
or other services, thereby performing the same function, but with greater flexibility, as that 
performed by marketing, rnaterials included in mailed hard-copy bills. The e-mail message 
may also contain an embedded command to send the biller a confirmation message when 
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the customer first displays the biller's message. Customer cenificates and customer digital 
signatures are used to insure authenticity of communications originated by a customer. 

BRIEF DFSrRi PTION OF THF DRAWTNr..^ 

Figure 1 is a schematic diagram illustrating the topology of one embodiment of the 
interactive electronic billing system of the present invention. 

Figure 2 is a block diagram illustrating the certificate hierarchy used in one 
embodiment of the present invention. 

Figure 3 is a schematic diagram of a bank certificate of one embodiment of the 

present invention. 

Figure 4 is a schematic diagram of a customer certificate of one embodiment of the 
present invention. 

Figure .5 is.a. schema.tic.-diagram .of.a,bil!er:cenific 
present invention. 

Figure 6 is a block diagram illustrating a process by which a certification authority 
15 issues a bank certificate in one embodiment of the present invention. 

Figure 7 is a block diagram illustrating a process by which a certificated bank 
.ssues a customer or biller certificate in one embodiment of the present invention. 

Figure 7A is a block diagram illustrating a process by which a customer registers 
with a biller to receive electronic bills in one embodiment of the present invention. 
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Figure 7B is a schematic diagram of a customer request for electronic billing 
service to a biller of one embodiment of the present invention. 

Figure 8 is a block diagram illustrating the process by which a biller sends a bill to 
a customer in one embodiment of the present invention. 
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Figure 8A is a schematic diagram of one embodiment of a biller's e-mail 



message 



containing summary bill data. 



Figure 9 is a block diagram of a method used by a customer's software to 
authenticate an incoming biller message in one embodiment of the present invention. 

Figure 10 is an illustration of an interactive bill of one embodiment of the present 
invention containing summary data. 

Figure 1 1 is an illustration of an interactive bill of one embodiment of the present 
invention containing detailed data. 

Figure 12 is a schematic diagram of an example computer system that can be used 
for a customer, biller, bank, or certification authority computer system of the present 
invention. 

■DETAILED DESCRIPTION OF THE INVENTION - . .. - 

In the following description, numerous specific details are set forth in order to 
provide a thorough understanding of the present invention. It will be apparent to one 
skilled in the art, however, that the present invention may be practiced without these 
specific details. In other instances, well-known features have not been described in detail in 
order not to unnecessarily obscure the present invention. 

Figure 1 shows the topology of one embodiment of an interactive electronic billing 
system of the present invention. As shown in Figure 1, this embodiment includes a biller 
100, a certificated biller bank 110, a transport network 120, a certificated customer bank 
130, a customer 140, and a certification authority 150. Biller 100 may be any of a variety 
of entities that provide products or services to customer 140 and that provide periodic 
account statements to customer 140. Examples of entities that may be a biller 100 include 
utility companies, banks, credit card companies, retailers, stockbrokers, etc. 

Certificated biller bank 1 10 is a bank that has been certificated by certification 
authority 150 and that has provided a biller certificate to biller 100. Biller bank 1 10 may 
also provide electronic bill payment services to biller 100. Transport network 120 is a data 
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communications network to which biller 100, certificated biller bank 110 certificated 
customer bank 130, customer 140, and cenification authority 150 have access For 
example, transport network 120 may be the Internet. Certificated customer bank 130 is a 
bank or other service provider that has been certificated by certification authority 150 and 
. tl.at has provided a customer certificate to cJstomer 140. Customer Bank 130 may also 
prov.de electronic bill payment services to customer 140. Customer 140 is any entity that 
has obtained a customer certificate and Is a customer of biller 100. Certification Authority 
150 distributes certificates to certificated banks and may administer the protocol and 
certificate hierarchy used in the system. 

Figure 2 is a block diagram illustrating the certificate hierarchy used in one 
embodiment of the present invention. At the top level of the hierarchy is certification 
authority 200. which is responsible for overall integrity of the system. Certification 
authority 200 issues certificates to certificated banks. These certificates are shown as bank 
certificates 210a and 210b. Bank certificates 210a-b constitute the second level of 
- .certificates below the top level occupied by certificafion authority M."" ~ 

Certificated banks issue customer certificates and biller certificates to customers 
and billers, respectively. As shown in Figure 2. customer certificate 220a and biller 
certificate 230a are issued under the authority of bank certificate 210a, while customer 
certificate 220b and biller certificate 230b are issued under authority of bank certificate 
210b. Customer certificates 220a-b and biller certificates 230a-b occupy the same level of 
the certificate hierarchy shown in Figure 2. This level is one level below bank certificates 
210a-b. 

A digital certificate of the present invention consists of digital data of a particular 
fom. and content, as established by a certification authority. A digital certificate of the 
present invention may be delivered from the issuer of the certificate to the recipient as an 
electronic message or in physical form. If delivered in physical form, the digital certificate 
•s stored on a physical medium, for example, on a chip card. The chip card is delivered by 
some secure means to the recipient. 
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Figure 3 illustrates ' the digital data contained in a bank certificate of one 
embodiment of the present invention. As shown in Figure 3, bank certificate 350 includes a 
bank ID 300, a bank public key 30.5, a certification authority digital signature 310, and a 
certification authority affiliation 315. 

5 Bank ID 300 is a unique identifier that identifies the certificated bank to which the 

certificate is being issued within ^the electronic billing system administered by the 
certification authority identified by certification authority affiliation 315. In one 
embodiment, bank ID 300 consists of a combination of a bank's name, location, Federal 
Reserve Bank routing number, and/or American Bank Association ("ABA") number. Bank 
10 public key 305 is the public key of the bank. Certification authority affiliation 315 
indicates the particular certification authority that has issued the bank certificate. 
Certification authority digital signature 310 is a digital signature of the certification 
authority that authenticates the certificate as a valid certificate issued by the certification 
authority identified by certification authority affiliation^3 15. Certification authority digital 
15 . signature 310 may be viewed as a seal that auThenticates bank ID 300 and bank public key 
305 that ensures that they are delivered intact and unchanged to a recipient. Certification 
authority digital signature 3 1 0 may, for example, be generated by creating a message digest 
of bank ID 300 and bank public key 305 and encrypting the message digest using the 
certification authority's private key. 



20 



Figure 4 illustrates the digital data contained in a customer certificate issued by a 
certificated bank in one embodiment of the present invemion. As shown in Figure 4, 
customer certificate 450 contains a copy of bank certificate 350 in the fonn of bank ID 415, 
bank public key 420, certification authority digital signature 425, and certification 
authority affiliation 430, which are copies of bank ID 300, bank public key 305, 
certification authority digital signature 310, and certification authority affiliation 315 
respectively. In addition, customer certificate 450 includes a customer ID 400, a customer 
public key 405, and a bank digital signature 410. 

Customer IE) 400 is a unique i.dentifier with respecLtoll^^^ certificated bank 

that uniquely identifies the customer to whom customer certificate 450 is issued from 
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among the entities to which the certificated bank identified by bank ID 410 has issued 
certificates. Customer ID 400 in combination with banic ID 410 uniquely identifies the 
customer to whom certificate 450 has been issued from among all participants of the 
electronic billing system administered by the certification authority identified by 
5 certification authority affiliation 430. 

Customer public key 405 is the public key of the customer. Bank digital signature 
410 is a digital signature of the certificated bank that authenticates customer ID 400 and 
customer public key 405 and ensures that they are delivered intact and unchanged to a 
recipient. Certificated bank digital signature 410 may, for example, be generated by 
0 creating a message digest of customer ID 400 and customer public key 405 and encrypting 
the message digest using the certificated bank's private key. 

Figure 5 illustrates the digital data contained in a biller certificate issued by a 
certificated bank in one embodiment of the present invention. As shown in Figure 5, biller 
certificate 550 is similar to customer certificate 450 of Figure 4, excqpt that the customer -. 
ID 400 and customer public key 410 are replaced with biller ID 500 and biller public key 
510, respectively. Biller ID 500, like customer ID 400, is a unique identifier with respect to 
the issuing certificated bank that uniquely identifies the biller to whom biller certificate 
550 is issued from among the entities to which the certificated bank identified by bank ID 
510 has issued certificates. Biller ID 500 in combination with bank ID 510 uniquely 
identifies the biller to whom certificate 550 has been issued from among all participants of 
the electronic billing system administered by the certification authority identified by 
certification authority affiliation 530. 

Figure 6 illustrates the process by which a certification authority issues a bank 
certificate to a bank in one embodiment of the present invention. The certification authority 
in general issues a bank certificate to a bank only if the bank meets financial and security, 
qualifications established by the certification authority, and if the bank agrees to the terms 
and conditions associated with the electronic billing system. 

.•AAs..ishbwn"4h-Wgare--6;=.--thfe process starts when' a certification autKorify (CA) ■ •• 
receives a certification application at block 600. A certification application may, for 
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example, consist of a request for certification along with supponing documentation as 
required by the certification authority. 

After receiving the certification application, the certification authority reviews the 
application and the applicant bank's qualifications at block 605. If the applicant bank fails 

5 to meet the certification authority's required qualifications at block 610, the bank's 
application is rejected at block 61-5; If the bank meets the certification authority's 
qualifications at block 610, the certification authority selects an ID for the bank at block 
620. The certification authority sends billing system software to the bank (if needed) at 
block 625, and requests the bank's public key from the bank at block 630. The bank 

10 generates its public and private key pair using the billing system software (or some other 
appropriate method) at 635, and sends its public key to the certification authority at block 
640. Alternatively, the bank's public and private keys may be generated by the certification 
authority, as part of the application process or after approval of the application. In this case, 
the private key must be delivered to the bank in a secure manner. 

15 The certification authority stores the bank ID and the bank's public key in a 

directory at block 645, and assembles the bank*s certificate at block 650. Finally, the 
certification authority delivers the bank's certificate to the bank by secure means at block 
655. 

One secure means that may be used for conveying the bank certificate from the 
20 certification authority to the bank is to encrypt a digitally signed bank certificate with the 
bank's public key, or with a session key encrypted with the bank's public key, and transmit 
it to the bank. In an embodiment in which the certification authority generates the bank's 
private key, the certification authority must also deliver the bank's private key to the 
bank. A second secure means that may be used is storing the certificate on a physical 
25 storage medium such as an integrated chip card and physically conveying the chip card to 
the bank. 

Figure 7 illustrates the process by which a certificated bank (a bank that has been 
certified by a certification authority)" issues a bfllef certificate br a' customer ce to a 

biller or customer, respectively, in one embodiment of the present invention. The 
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cenificated bank in general issues a biller or cus.on,er certificate only if ,be bille. „. 
customer n,ee.s financial and/or Cher qualifications established by the cenifieated ban. 
and/or the certification authority. 

As shown in Figure 7, the process s.a,« when a certificated banlc (CB) receives a 
cen,f.cation application from a biller or customer (B/C) at block 700. A certificafion 
application may. for example, consist, of a request for a B/C certificate along with 
supportmg documentation as required by the certificated bank. 

After receiving the certification application, the certificated bank reviews the 
appltcation and the B/Cs qualifications at block 705. If the applicant fails to meet the 
certtfication authodty. required qualifications a. block 7,0, the B/C. application is 
r^ected a, block 715. If the B/C meets the certificated bank, qualifications a, block 7,0 
the centficated bank generates an ID for the B/C at block 720. in one embodiment the ID 
conststs of a combination of B/C info^ation (name, address, etc., and a certificated bank- 
. ^~ The cerfiftcated bank sends biUin. ■ 

system ^ftware to the B/C (if needed) at block 725. The certificated bank requests the 
B/Cs pubhc key from the B/C at block 730. The B/C generates its public and private key 
pa.r using the billing system software (or some other appropriate method) a. 735. and sends 
..3 public key to the certificated bank at block 740. A,te,.atively, the B/Cs public and 
pnvate keys may be generated by the certificated bank, as part of the application process or 
after approval of the app,ication. In this case, the private key must be delivered to the B/C 
m a secure manner. 

The certificated bank sends the B/C ID and public key ,„ the certification authority 
at block 745. The certification authority stores the B/C ID and the B/C's public key in a 
.=cto^ a, block 750. Alterttatively, or in addition, the certificated bank may store the B/C 
ID and public key in its own directory. The certificated bank assembles the B/C certificate 
a. block 755. Finally, the certificated bank delivers the B/C's certificate to the B/C at block 
760, 

, -Figure .7A is a block diagram illustrating a proiess by which a customer registeS 
w.th a biller to receive electrt,nic bills in one embodimem of the present invention. As 
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shown in Figure 7A, the process starts when a customer becomes a participant in an 
electronic billing system by applying for and receiving a certificate from a certificated bank 
at blocks 770 and 772, respectively. Once the customer receives the customer's certificate, 
the customer is able, to request electronic bilj presentation services from a biller or other 
statement issuer. The customer identifies a statement issuer from whom the customer 
wishes to receive electronic statements at block 774, and inquires as to whether the 
statement issuer has been issued a biller certificate, and is therefore a participant in the 
electronic billing system, at block 776. The customer may undertake such an inquiry in a 
variety of ways. For example, the customer may contact the biller directly, by telephone or 
other means, or the customer may request information as to whether a biller is a participant 
from the customer's certificated bank or the certification authority. Alternatively, a biller 
may inform its customers, by letter or otherwise, of the biller's participation in an 
electronic payment system, or the biller may indicate the biller's participation in an 
electronic billing system on paper bills sent to its customers. In one embodiment, a 
certification authority authorizes a participant biller to use a logo or other identifier owned 
by the certification authority to indicate the biller's participation in an electronic billing 
system in a manner analogous to the way in which payment card systems (such as Visa, 
MasterCard, etc.) authorize merchants to display system logos to communicate that they 
accept payment cards issued by those systems. 

If the customer learns that the prospective biller is not a participant at block 778, 
electronic statement delivery is not available and the process ends at block 780. The 
customer is unable to receive electronic statements from this particular biller until such 
lime as the biller becomes a participant in the electronic billing system by applying for and 
receiving a biller certificate. 

If the customer leams that the prospective biller is a participant in the electronic 
billing system, the customer obtains the biller's e-mail address (for example, from the biller 
or the certificated bank or certification authority) at block 781 and sends a digitally signed 
request message for electronic billing to the biller at block 782. One embodiment of such a 
request message is shown in Figure 7B. In this embodiment, the request message 793 
includes the request for service 795 (which may include, for example, customer 

15 
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- info™a,io„ such as- .he cus.ome.s „.™e and address and the cus.„n,e.s accoun, nu.her 
w..h me b„ler,, ,l,e customer's digi,a, signature 797 (consisting of a message di.es. of .he 
re,ues. 795 encp.ed „i.h .he customer's priva,e ke„; and a cop. of .he c.-onrer's 

certificate 799. 

3 The biller authenticates the custon,e.s request a, block 784. ,n one e.boditnent 

. e b ,er authenticates the re,ues, by first authen.iea.ing the custotne.s certificate to verify 
.hat the customer has been vahdiy certified by a validly certified certi^cated bank and to 
obtatn the customer's public key. The biller then uses the customer's public key .o decryp. 
.he customer's digi.l signature, obtaining a message diges. of Ute re,ues. itself and 
compares the message digest from the customers dectypted digital signature to a menage 
dtgest of the request as received by the biller. ,f the two message digests are identical the 
request is an au.hen.ic message from .he cus.omer idenUfied in the customer ccificate In 
one embodiment, the biller also compares customer infonna.ion included i„ request .o 
..s cus.omer records to verify tha, .he customer is a customer of biller and is authorized to 

used by a biller receiving a change in address notification from a customer to verify that 
the change in address request is authentic. 

If the biller finds tha. the request is not authentic at block 786. for example, because 
he certificate is not valid, or because the message digest contained in .he customer's 
decrypted digital signature is not identical to a message diges. of the appended request, or 
. customer infomtation included in the reques, does not match biller account records, then 
he btller sends an e„.r message to tha. effec. a, block 788. If the request is authentic, ,he 
b.l er updates .he biller's customer data base to add the customer's e-mail address and 
pub c key and to reflect that the customer has requested initiation of electronic billing at 
block 790. The biller begins its electronic billing service to ,he cuslomer at block 792. 

Figure 8 is a block diagmm illustrating the process by which a biller sends a bill or 
other account statement to a customer in one embodiment of Ae present invention As 
shown , „ Figure 8. . hej^oc^^^^ 

generates summary and detailed bill data a, block SOI . Tl,e biller obtains the customC 
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mail address and public key at block 802. The biller may obtain the customers e-mail 
address and public key from a locally stored data file, if available (for example if the biller 
has previously obtained the customer's e-mail address and public key), or from the data 
base maintained by the certification authority or certificated bank, or by. some other 
appropriate means. The biller sends the customer an authenticated e-mail message at block 
803. Software at the customer's computer authenticates the e-mail message at block 804. 

In one embodiment, the body of the e-mail message contains the summary bill data, 
as well as links for accessing detailed billing data, for obtaining advertising materials, and 
for initiating electronic payment of the bill. The biller appends the biller's digital 
certificate, digitally signs the body of the email message, and encrypts the entire e-mail 
message, including the digital signature, using the customer's public key (or using a session 
key encrypted with the customer's public key). The biller then sends the encrypted message 
(and encrypted session key, if applicable) to the customer. 

Figure 8A is a schematic diagram of one embodiment of a biller*s e-mail message 
containing summary bill data. As shown in Figure 8 A. in this embodiment the e-mail 
message 850 includes summary bill data 852, the biller's digital signature 854, the biller's 
certificate 856, and a session key 858. The biller's digital signature 854 consists of a 
message digest of the summary bill data 852 encrypted with the biller's private key. In this 
embodiment, summary bill data 852. biller's digital signature 854, and biller's certificate 
856 are all encrypted using session key 858. Session key 858 in turn is encrypted using the 
customer's public key. 

The customer's software decr>'pts the message using the customer's private' key (and 
decrypted session key, if applicable), and verifies the digital signatures of the certification 
authority and the certificated bank contained in the biller's certificate. Finally, the 
customer's software verifies the biller's digital signature, and displays the authenticated 
message to the customer. In one embodiment, the customer's software stores a copy of the 
biller's digital certificate, or a record that the biller's public key has been validated, in a 
local storage media such as the customer computer's hard disk drive. By doing so, for 
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subsequent bills from the same biller, the only computation required is verification of the 
biller's digital signature. 

The customer views the authenticated e-mail message at block 805. In this 
embodiment, the viewing of the e-mail message by the customer (or, more precisely the 
display of the e-mail message) triggers the sending of a return e-mail message to the biller 
confirming that the bill has been delivered to the customer. The biller receives this 
confirmation at block 806. 

In this embodiment, the summary, bill contains links that can. optionally be 
activated by the customer. These links include a link to a detailed bill, a link to an 
advertiser, and a link to an electronic bill pay system. 

If the customer does not activate any of the options, bill delivery is completed at 
block 808. The customer may print out the bill, or leave it stored on the computer. The 
customer may pay the bill by mail or by electronic means. 

If the customer activates the bill detail option at block 809, the customer's software 
sends a request to the biller for detailed information. The link to the detailed bill 
information contained in the e-mail message contains the appropriate network address to 
which the request should be transmitted. The request contains a unique bill identification 
number obtained from the summary bill. The customer's software may append the 
customer's digital certificate to the body of the message. The customer's software digitally 
signs the message, optionally encrypts the message, if additional security is needed, using 
the biller's public key (or a session key generated by the customer's software and encrypted 
with the biller's public key), and transmits the message to the address for the appropriate 
bil ler detail server specified in the link at block 810. 

The biller's software decrypts, if necessary, and authenticates the received customer 
request for detailed data at block 811. and retrieves the detail data at block 812. The biller 
retrieves the appropriate detail form at block 813. The particular form selected will 

located. The biller enters the detail data into the appropriate'form at block 814 and returns 
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the form, complete with data, to the customer at block 815. In this embodiment the detail 
bill constitutes an HTML document. In one embodimerit, the entire HTML document is 
encrypted and sent with the same security provisions as those used in sending the summary 
data bill. In an aliemate embodiment; only selected data in the HTML document (for 
5 example, data which by agreement between the customer and the biller, by law, or for 
some other reason, must be kept confidential) is encrypted. In an embodiment in which the 
summary data bill is encrypted with a session key, the same session key may be used to 
encrypt the detail bill. Finally, the customer's software authenticates and decrypts the detail 
bill and displays it to the customer at block 816. 

10 The detail bill, like the summary bill, may contain links to advertising materials 

and/or to an electronic bill payment process or system. 

If the customer activates the link for requesting advertising information at block 
817, either from the summary bill or from the detailed bill, the customer's software 
cormects to the advertisei-'s web page using -the -address -eontained in-the advertising 
15 information link at block 818. 

If the customer activates the link for paying the bill electronically at block 819, 
either from the summary bill or from the detailed bill, the customer's software initiates an 
electronic bill pay process at block 821. This electronic pay process may utilize the SET 
protocols, or may be any other appropriate electronic bill pay process. The process may, 
20 but need not, be provided by the customer's certificated bank. 

If the customer neither selects the advertising information or the bill payment 
options at blocks 817 and 819, respectively, bill delivery is completed at block 820. 

The process by which a biller*s message is authenticated by the customer's software 
in one embodiment of the present invention is illustrated in Figure 9. The same general 
25 process, substituting the customer for the biller and the biller for the customer, as 
appropriate, may be used by a biller to authenticate a customer message. 

As shown in Figure 9. the biller, or more precisely the biller's software, assembles 

the body of the e-mail message at block 900, and processes the message using a digesting 
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program to obtain a n,essas. digest at block 903. Tl,e billefs software encrypts the 
message digest using the billets private key at block 910 and appends the encrypted 
message digest to the message a, block 915. The encrypting of the message digest using 
the btlle^s private key and appending the encrypted message digest to the message 
5 constttutes digitally signing the message witK the biller's signature. The digital signature 

allows the custotner to verify that the biller is Ae originator of the message and that the 

message has not been changed en route to the customer. 

The biller' s software appends the biliefs digital certificate to the digitally signed 
message a. block 920. In this embodiment, the billefs certificate, as in the embodiment of 
' Ftgure 5, includes a certification authority's digital signature verifying the certification of 
the certificated biller bank, and the certificated bank's digital signature verifyino the 
certtflcation of the biller and the authenticity of the billets public key. In this embodiLnt 
the ce„if,catio„ authority's digital signature consists of a message digest of the cettificated 
btller bank's ID number and public, key encrypted, using the certification authority's 
p.JVate key..Similarly„,he.,biller;bank's digital signantre consisis of the billert ID number 
and public key encrypted using the biller bank's private key. 

Af*er appending the biller certificate to the message, the biller's software venerates 
a session key at block 922, and encrypts the biller's message (including the Appended 
Agrtal signature and certificate) using the session key a, block 924. The billets software 
then encrypts the session key using the customer's public key at block 926. 

The biller's software sends the encrypted message and encrypted session key to the 
customer via e-mail at block 928. The customer receives the biller's email package at block 
MO. The customer's software decrypts me session key using the customer's privare key at 
block 932, and uses the decrypted session key to decrypt the remainder of the-mail 
message at block 934. 

The customer's software verifies the message by sequentially verifying the 
hierarchy of digital signatures included in the biller's digital certificate. The customer's 
■ ^°ft^-^«^'«t retrieves:.tte..erUficatio^ from the^certifrcation authonty 

affiliation field of the biller's certificate. Using the public key of the certification authority 
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SO identified (which the certification authority makes widely available), the customer's 
software verifies the certification authority's digital signature to determine whether the 
public key and bank ID for the certificated bank included in the biller's certificate are 
genuine. The customer's software decr>'pts the. certification authority's digital signature at 

5 block 936, obtaining a message digest of the biller bank's ID number and public key. The 
customer's software derives a message digest of the biller bank's ID number and public key 
as specified? in the biller certificate at block 938, and compares the derived message digest 
to the message digest from the decrypted certification authority's digital signature at block 
940. If the message digests are found to be not identical at block 942, the customer's 

10 software sends an error message to the biller at block 944. 

If the message digests are found to be identical at block 942, then the certificated 
bank's ID and public key included in the biller's digital certificate are authentic. The 
customer's software uses the biller bank's authenticated public key to decrypt the 
certificated biller bank's digital signature at block 946, obtaining a message digest of the 
15 " biller's ID nunibe^^^^ public keyi Tlie customer software derives a message digest of the- 
biller's ID and public key as specified in the biller's certificate at block 948, and compares 
the two message digests at block 950. If the two digests are . found to be not identical at 
block 952, the customer software sends an error message to the biller at block 954. 

If the message digests are found to be identical at block 952, then the biller's ID and 
20 public key included in the biller's digital certificate are authentic. The customer's software 
uses the authenticated public key of the biller to decrypt the biller's digital signature at 
block 956, obtaining a message digest of the included message. The customer software 
derives a message digest of the message at block 958, and compares the two message 
digests at block 960. If the two digests are found to be not identical at block 962, the 
25 customer software sends an error message to the biller at block 966. 

If the message digests are found to be identical at block 962, then the included 
message is authentic, and the customer software displays the message to the customer at 
block 964. ^ ...... 
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In one embodimen. of .he invention, a certificate issued by a certficated bank to a 
custonter n,ay be used by tbe customer to make electronic payments as well as to receive 
electrontc statements, and a cenificate issued by a certificated bank to a biller may be used 
by the btUer to receive electronic payments as well as to present bills electronically In one 
5 embodiment, a customer or biller applying for" a certificate from a certificated bank may 
request that an electronic payment account be established that is linked to the certificate In 
one embodiment, such an account funciions much like a credit card account or a checking 
account with debit card access. The customer sends a biller an authorization to receive 
payment from the customer's payment account, the biller conveys the authorization to the 
.0 customers certificated bank, and the customer's certificated bank electronically tmnsmits 
.he authorized amoum to the biller's certificated bank for payment into the billet's 
electronic payment account. In another embodiment, U,e customer may use the customefs 
certtficate to make electronic payments using an existing payment card. In one 
embod.ment. the customer sends a payment authorization to the biller in which the 
" ... "T""""'"^" .he amount being paid and the credit card (or other payment card, 
accoum number to be charged. The customer's software digi'^IIylig^s the paymem 
authortzation by encrypting a message digest of the payment authorization with the 
customer's private key, Tlte cus.omefs software appends the customer's certificate to the 
d.g..ally signed payment authorization and enc^s the customers payment authorization 
'0 dtgttal signature, and certificate using a session key. The custome.'s software encrypts the- 
sesston key using the billet's public key. appends the enco-pted session key to the rest of 
the message, and sends the resulting message- via e-mail to the biller. The biller decrypts 
.he session key using the billet's private key and uses the session key to dec^ .he 
customer's certificate, digital signature and payment authorization. The biller verifies the 
authenticity of the customer's cdiflcate. and verifies that the message digest obtained by 
decrypttng the customer's digital signamre using the customers public key matches a 
message digest of the customer's payment authorization, Tlte biller submits the payment 
authortzation to the appropriate payment card authority, and the biller's account is credited 
w..h the payment amount, in one embodiment, the biller retains a copy of the customers 

the payment authorization by the customer. 



SUBSTITUTE SHEET mULE 26^ 



wo 98/26386 



PCT/US97/23025 



Figure 10 is an illustration of an embodiment of a summary bill that may be sent by 
a biller in one embodiment of the present invention. Figure 10 shows the bill as displayed 
by the customer's software on the customer's computer or other display device. This 
embodiment is shown as an example only. A wide variety of other formats for. a summary 
5 bill may be used. 

As shown in Figure 10, summ'sify bill 1000 consists of a summary bill information 
area 1010 and four action buttons 1020, 1030, 1040 and 1050, respectively. Summary bill 
information area 1010 contains summary bill data. In this example, the biller is an electric 
utility company. The summary bill data includes the biller's name 1005, the customer's 

10 account number with the biller 1015, the customer's name and address 1025, a listing of 
current and previous charges 1 035, an explanation of current charges 1045, a return address 
for the biller 1055, and customer service information 1060. Customer service information 
1060 includes the biller's customer service telephone number, e-mail address and URL that 
can be used by the customer to contact the biller if there are any questions. The summary 

15 information, contained in the summary bill information area 1010 corresponds generally to 
the information that would be 20 contained on the remittance stub of a mailed, paper bill. 

Action buttons 1020, 1030, 1040 and 1050 allow the customer to obtain additional 
information or perform certain functions. Action button 1020 is a "Details" button. By 
activating action button 1020, for example by clicking on it with a mouse, the customer's 

20 software at the customer's computer sends a request for bill details to the biller. Action 
button 1030 is a "Pay" button. Action button 1030 is displayed if the customer has access 
to an electronic bill payment system. In one embodiment, activating button 1030 initiates a 
link to electronic bill payment system software that allows the customer to initiate payment 
of the bill utilizing an electronic bill payment system such as, for example, the electronic 

25 bill pay system described in U.S. Patent No. 5,465,206. In another embodiment of the 
invention, the customer's software includes the capability of transmitting an electronic 
payment directly to the biller, for example in the form of an encrypted and digitally signed 
payment card payment authorization! Action button 1040 is a "Print" action button. By 
activating button 1040, a hard copy of the displayed summary bill is printed oil the 

30 customer's printer. Action button 1050 is a "Special Offer" action button. In the 
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embodiment of Figure 1050, action button 1050 contains a short "teaser" about the special 
offer in the form of the words "Save 50% on Airfares!" By activating button 1050, the 
customer's software retrieves a web page linked to button 1050, and displays the web page 
to the customer. The web. page may be a web page of a third party advertiser containing an 
5 advertisement from the third party as in the embodiment shown in Figure 10, or may be a 
web page of the biller. containing details of a special offer available from the biller. 

Figure 1 1 illustrates an example of a detailed bill of one embodiment of the present 
invention that is sent by the biller to the customer in response to the customer activating 
"Details" action button 1020 of summary bill 1000 of Figure 10. The detailed bill may be 
) an HTML document. As shown in Figure 11, detailed bill 1 100, like summar>' bill 1000, 
includes the biller's name 1005, the customer's account number 1015, the customer's name 
and address 1025, a listing of current and previous charges 1035, an explanation of current 
charges 1045. return address 1055, and customer service information 1060. In the 
embodiment of Figure 11. customer service information 1060 includes a customer service 
link button 1150 that links directly to the billeris customer 'semc6^ 
1100 also includes "Pay" action button 1030 and "Print" action button 1040. In addition, 
detailed bill 1100 includes an additional detail field 1110, advertising fields 1130 and 
1 140, and public service message field 1 120. 

In the embodiment of Figure 11, additional detail field 1110 contains a graph 
showing the customer's usage history. In other embodiments, additional detail field 1110 
may contain other billing information that would be included in the detailed portion of a 
mailed, paper bill. For example, if the bill is a telephone bill, detail data field 1 1 10 may 
include a listing of all toll calls made by the customer during the billing period. Additional 
detail field 1110 may contain additional sub-fields, be of any desired size, and may 
encompass several pages. 

Advertising fields 1130 and 1140 contain advertisements. These advertisements 
may be advertisements for products and services of the biller or may be for products and 
services for third party advertisers.^ dispjayed.on a customer's, 

bill may be selected based on criteria such as the customer's profile, the particular time and 
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date at which the customer requests the detailed bill, the geographic location of the 
customer, the customer's usage history, etc. Advertisements may therefore be highly 
focused. For example, special offers may be removed when time limits or limits on the 
number of respondents have been exceeded. Messages concerning water conservation may 
5 be directed by a utility to high water users. On a very hot day, an electric company may 
display an advertisemem for energy saving air conditioners that appears to come from the 
utility but links to the web page of an appliance store in the customer's vicinity. 

In the embodiment of Figure II, advertising field 1 130 contains an advertisement 
for automotive services while field 1140 contains an advertisement for a travel 
10 organization. To access details of the advertisements, advertising fields 1130 and 1140 
include action buttons 1 135 and 1 145, respectively. Selecting either of these action buttons 
will bring up the web page containing additional information about the advertised items. 
Advertising fields 1 1 30 and 1 1 40 as a whole may also constitute link activation areas. 

- ■ Publicraessage field 1 120 is used to display messages intended to be helpful to the - 

15 customer, and may contain public service messages, hims on conserving energy and 
resources, or any other messages. In the embodiment of Figure 11, public message field 
1 120 is itself an action button. Accordingly, clicking anywhere on message field 1 120 wll 
bring up the corresponding web 15 page. 

The present invention can be implemented by means of software programming on 
20 any of a variety of one or more computer systems as are well known in the art, including, 
without limitation, computer systems such as that shown in Figure 12. The computer 
system of Figure 12 may, for example, be used as a customer computer, a biller computer, 
a bank computer, or a certification authority computer. The computer system shown in 
Figure 12 includes a CPU unit 1200 that includes a central processor, main memory. 
25 peripheral interfaces, input-output devices, power supply, and associated circuitry and 
devices; a display device 1210 which may be a cathode ray tube display, LCD display, gas- 
plasma display, or any other computer display; an input device 1230. which may include a 
keyboard, mouse, digitizer, or other input device. The computer system may or may not 
include non-volatile storage 1220. which may include magnetic, optical, or other mass 
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storage devices. .„d . printer ,250. T„e compter .ys.e™ .ay also include a „e,worl= 
.n.erface ,240. which .ay consist of a .oden,. allowing ,he co.p„,er systen, ,„ 
— icate wiA other systems over a communications network such as the htenret Anv 
of a variety of other conBgarations of computer systems may also be used. 

• 

Thus a novel secure interactive electronic account statement delivery system has 
been presented. Aithough the present invention has been described with respec, ■„ certain 
exampie embodiments, i, will be apparem to those skilled in ,he a„ that the present 
tnvention is no. limited ,c these specific embodiments. For example, although the 
statements that are electronically presented to a customer using the present invention have 
.n certam instances been described as -bills- and the originators of the statements as 
btllers.- „ will be apparent ,„ ftose skilled in the ar, that the invention may be used for 
presentmg statements other than bills from entities other than bille.. For example the 
present infonnation can be used by a bank, stock broker, or other financial ser^ces 
provtder to deliver periodic account balance i„fom,ation to a customer. Furiher. although 
««-^ <«f «««?<**Mi»«B.b»i«n.^^^ ^^^^^ 
process steps, some of .he steps may be omitted or omer similar steps may be subs.i.„.ed 
wthou. depar.i„6 from .he scope of .he invention. Furiher, alftough .he inveniion has been 
descnbed as u.ilizing the ln.eme. as a .^nspor, „e.work. other ne.„orks or „.her 
communications media may be used. 
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CLAIMS 

1 . A method for delivering account statement data from a statement issuer to a 
customer using a communications network comprising the steps of: 

issuing a statement issuer certificate* from a first certificate issuer to a statement 
issuer, said statement issuer certificate comprising a digital signature of said first certificate 
issuer; 

issuing a customer certificate from one of said first certificate issuer or a second 
certificate" issuer to a customer, said customer certificate comprising a digital signature of 
said second certificate issuer; 

generating a customer statement message comprising account statement data for 
said customer, a digital signature of said statement issuer, and a copy of said statement 
issuer certificate; 

' ' transmitting said customer statement message from said statement issuer, to said 
customer using said communications network. 

2. The method of claim 1 wherein said statement issuer certificate comprises a 
first certificate issuer certificate. 

3. The method of claim 2 wherein said first certificate issuer certificate 
comprises a digital signature of a certification authority. 

4. , The method of claim 1 wherein said first certificate issuer is a certificated 

bank. 

5. The method of claim 1 wherein said second certificate issuer is a certificated 

bank. 

6. The method of claim 1 wherein said statement issuer is a biller. 

„ . . . . 7. The method of claim 1 wherein said statement issuer certificate comprises 
data related to said statement issuer and wherein said digital signature of said first 
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cenifica,e issuer comprises .„ e„c^p.e, .essa^e diges, of said d.a re,a.ed ,o s H 
Statement issuer. related to said 

8. The method of claim 7 .herein said data related ,o said stetemen, ' 
comprises an identification number forsaid statement issuer. 

9. The method of claim 8 wherein said data related to said statem, , • 
comprises a public key ofsaid statement issuer. «=.cme„t tssuer 

10. The method of claim 7 wherein said enctypted message digest is encrvoted 
usmg a pnvate key ofsaid first certificate issuer. Sest ,s encrypted 

11. The method of claim 10 wherein said first certified. . 

CO H,es data related to said first certificate issuer and sa,:: ^ sZ^:: 

13. The method of claim 12 wherein said data related to said first certificate 
>ssuer comprises a public key of said issuer. 

related IL "^"'^^ ''"^ ' ~ ^^^^-^ -P^i- data 

related to sa.d customer and wherein said digital signature of said second certificate issuer 
-pnses an encrypted message digest of said data related to said customer. 

15. The method of claim 14 wherein said data related to said customer 
comprises an identification number for said customer. 

16. The method of claim 15 wherein said data related to said customer 
comprises a public key of said customer. 

usine a ^ "^^'^'"^ " "^^^'^-^ -ssage digest is encrypted 

using apnvate key of said second certificate ■^-^-^--''^---^-^^^^^^ 
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18. The method of claim 1 further comprising the steps of: 

receiving said customer statement messages transmitted from said statement issuer 
to said customer; 

verifying an authenticity of said copy of said statement issuer certificate included in 
5 said customer statement message; 

verifying an authenticity of said account statement data by verifying said statement 
issuer digital signature included in said customer statement message. 

19. The method of claim 18 wherein said statement issuer certificate comprises 
data related to said statement issuer, and wherein said digital signature of said first 

10 certificate issuer comprises an encrypted first message digest of said data related to said 
statement issuer. 

20. The method of claim 19 wherein said step of verifying an authenticity of 
said copy of said statement issuer certificate cpmprises lthe steps of: 

decrypting said digital signature of said first certificate issuer using a public key of 
15 said first certificate issuer to obtain an unencrypted first message digest of said data related 
to said statement issuer; 

deriving a second message digest of said data related to said statement issuer 
included in said copy of said statement issuer certificate included in said customer 
statement message received by said customer; 

20 comparing said first message digest and said second message digest. 

21. The method of claim 18 wherein said digital signature of said statement 
issuer comprises an encrypted first message digest of said account statement data for said 
customer and wherein said step of verifying an authenticity of said account statement data 
by verifying said statement issuer digital signature included in said customer statement 

25 . .i7iessage, .comprises the steps of: 
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deriving a second message digest of said accoun. statement data for said customer 
mcluded m said customer statement message; 

I 

comparing said first message digest and said second message digest. 

22. The method of claim 1 wherein said customer statement message comprises 
5 an electronic mail message. 

23. The method of claim 18 further comprising the step of displaying said 
customer statement message on a display screen. 

24. The method of claim 23 further comprising the step of sending a 
nonfication message to said statement issuer notifying said statement issuer that said 

10 customer statement message has been displayed. 

25. The method of claim 23 wherein said customer statement message 
composes link activation information displayed as a link activation area when said 
customer statement message is displayed on said display scre-en.- " -^ 

26. The method of claim 25 wherein activation of said link activation area 
'5 activates a communication to a server computer using said communications network. 

27. The method of claim 26 wherein said server computer provides additional 
customer accoum statement data to said customer in response to said communication. 

28. The method of claim. 26 wherein said server computer provides advertising 
data to said customer in response to said communication. 

° 29. The method of claim 28 wherein said advertising data provided by said 

server computer to said customer depends upon a time at which said communication is 

made. 

30. The method of claim 28 wherein said advertising data provided by said 
server computer to said customer depends upon a geographic location of said customer. 
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31. The method of claim 28 wherein said advertising data provided by said 
server computer to said customer depends upon a parameter related to said customer. 

32. The method of claim 24 wherein said customer account statement data 
comprises amount due data further comprising the step of: - * ' 

displaying an electronic payment activation area on said display screen. 

33. The method of claim 32 wherein activating said electronic payment 
activation area activates an electronic payment process that may be used by said customer 
to pay said amount due. 

34. An electronic account statement message for delivery from a statement 
issuer to a customer using a communications network comprising: 

account statement data for said customer related to an account of said customer 
with said statement issuer; 

a statement issuer certificate comprising data related to said statement issuer and a 
digital signature of a first certificate issuer; 

a first certificate issuer certificate comprising data related to said first certificate 
issuer and a digital signature of a certification authority. 

35. The electronic account statement message of claim 34 further comprising 
certification authority identification data identifying said certification authority. 

36. The electronic account statement message of claim 34 wherein said 
communications network is an open network. 

37. The electronic account statement message of claim 34 wherein said account 
statement data comprises summary data. 

38. The electronic account statement message of claim 34 wherein said account 
statement-data comprises detailed data; ' ■ 
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39. The electronic account statement message of claim 34 wherein said digital 
signature of said statement issuer comprises an encrypted message digest of said account 
statement data. 

40. The electronic account statemeot message of claim 34 wherein said data 
related to said statement issuer comprises an identification number for said statement issuer 
and a public key of said statement issuer. 

41 . The electronic account statement message of claim 34 wherein said digital 
signature of said first certificate issuer comprises an encrypted message digest of said data 
related to said statement issuer. 

42. The electronic account statement message of claim 34 wherein said data 
related to said first certificate issuer comprises an identification number for said first 
certificate issuer and a public key of said first certificate issuer. 

"^^^ The electronic account statement, mess age of ..claim 34 vyherein said digital 
signature of said certification authority comprises an encrj'pted message digest of said data 
related to said first certificate issuer. 

44. The electronic account statement message of claim 34 further comprising: 
link activation data for initiating a request for additional data; 

link descriptive data comprising data related to said request. 

45. The electronic account statement message of claim 44 wherein said link 
activation data comprises a network address of a source of said additional data. 

46. The electronic account statement message of claim 45 wherein said network 
address comprises a URL address. 

47. The electronic account statement message of claim 34 wherein said account 
statement data comprises an amount due and wherein said electronic account statement 
"astafLir^er^ornpnlesi^^"" ^ <^ . ■ — ' '^i-.rvn^r.n. .^.m cu. 
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payment process activation data for initiating an electronic payment process for 
paying said amount due. 

48. The electronic account statement message of claim 44 wherein said account 
statement data comprises an amount due and wherein said electronic account statement 
data further comprises: 

payment process activation data for initiating an electronic payment process for 
paying said amount due. 

49. The electronic account statement message of claim 44 wherein said link 
descriptive data comprises advertising data. 

50. The electronic account statement message of claim 49 wherein said link 
activation data comprises a URL address of a third party merchant. 

51. A program storage device readable by a machine, tangibly embodying a 
program of instructions executable by the. machine to perform method steps for delivering 
account statement data from a statement issuer to a customer using a communications 
network, said method comprising the steps of: 

issuing a statement issuer certificate from a first certificate issuer to a statement 
issuer, said statement issuer certificate comprising a digital signature of said first certificate 
issuer; 

issuing a customer certificate from one of said first certificate issuer or a second 
certificate issuer to a customer, said customer certificate comprising a digital signature of 
said second certificate issuer; 

generating a customer statement message comprising account statement data for 
said customer, a digital signature of said statement issuer, and a copy of said statement 
issuer certificate; 

transmitting said customer statement message from said statement issuer to said 
customer using said communications network. 
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52. The program storage device of claim 51 wherein said statement issuer 
certificate comprises a first certificate issuer certificate. 



issuer 



53. The program storage device of claim 52 wherein said first certificate i 
certificate comprises a digital signature of a certification authority. 

54. The program storage device of claim 5 1 wherein said first certificate issuer 
is a certificated bank. 

55. The program storage device of claim 51 wherein said second certificate 
issuer is a certificated bank. 

56. The program storage device of claim 5 1 wherein said statement issuer is a 

biller. 

57. The program storage device of claim 51 wherein said statement issuer 
certificate comprises data related to said statement issuer and wherein said digital signature 
of said first certificate issuer comprises an encrypted message digest of said datb i^lated to 
said statement issuer. 

58. The program storage device of claim 57 wherein said data related to said 
statement issuer comprises an identification number for said statement issuer. 

59. The program storage device of claim 58 wherein said data related to said 
statement issuer comprises a public key of said statement issuer. 

60. The program storage device of claim 57 wherein said encrypted message 
digest is encrypted using a private key of said first certificate issuer. 

61 . The program storage device of claim 60 wherein said first certificate issuer 
certificate comprises data related to said first certificate issuer and said digital signature of 
said certification authority comprises an encrypted message digest of said data related to 
said first certificate issuer. 
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62. The program storage device of claim 60 wherein said data related to said 
first certificate issuer comprises an identification number for said certificate issuer. 

63. The program storage device of claim 62 wherein said data related to said 
first certificate issuer comprises a public key of said issuer. 

64. The program storage device of claim 51 wherein said customer certificate 
comprises data related to said customer and wherein said digital signature of said second 
certificate issuer comprises-an encrypted message digest of said data related to said 
customer. 

65. The program storage device of claim 64 wherein said data related to said 
customer comprises an identification number for said customer. 

66. The program storage device of claim 65 wherein said data related to said 
customer comprises a public key of said customer. 

^ 67. ^ 7 -The' progMffi message 
digest is encrypted using a private key of said second certificate issuer. 

68. The program storage device of claim 51 wherein said method further 
comprises the steps of: 

receiving said customer statement message transmitted from said statement issuer 
to said customer; 

verifying an authenticity of said copy of said statement issuer certificate included in 
said customer statement message; 

verifying an authenticity of said account statement data by verifying said statement 
issuer digital signature included in said customer statement message. 

69. The program storage device of claim 68 wherein said statement issuer 
certificate comprises data related to said statement issuer, and wherein said digital 
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signature of said first certificate issuer comprises an encrypted first message digest of said 
data related to said statement issuer. 

70. The program storage device of claim 69 wherein said step of verifying an 
authenticity of said copy of said statement issuer certificate comprises the steps of: 

decrypting said digital signature of said first certificate issuer using a public key of 
said first certificate issuer to obtain an unencrypted first message digest of said data related 
to said statement issuer; 

deriving a second message digest of said data related to said statement issuer 
included in said copy of said statement issuer certificate included in said customer 
statement message received by said customer; 

comparing said first message digest and said second message digest. 

71. The program storage device of claim 68 wherein said digital signature of 
-said statement issuer comprises,an encrypted first message digest of said-account statement 
data for said customer and wherein said step of verifying an authenticity of said account 
statement data by verifying said statement issuer digital signature included in said 
customer statement message comprises the steps of: 

deriving a second message digest of said account statement data for said customer 
included in said customer statement message; 

comparing said first message digest and said second message digest. 

72. The program storage device of claim 51 wherein said customer statement 
message comprises an electronic mail message. 

73. The program storage device of claim 68 further comprising the step of 
displaying said customer statement message on a display screen. 
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74. The program storage device of claim 73 wherein said method further 
comprises the step of sending a notification message to said statemem issuer notifying said 
statement issuer that said customer statement, message has been displayed. 

75. The program storage device of claim 73 wherein said customer statement 
message comprises link activation information displayed as a link activation area when 
said customer statement message is displayed on said display screen. 

76. The program storage device of claim 75 wherein activation of said link 
activation area activates a communication to a server computer using said communications 
network. 

77. The program storage device of claim 76 wherein said server computer 
provides additional customer account statement data to said customer in response to said 
communication. 

. .78. .^._The program storage -device of claim 76 wherein said server computer, 
provides advertising data to said customer in response to said communication. 

79. The program storage device of claim 78 wherein said advenising data 
provided by said server computer to said customer depends upon a time at which said 
communication is made. 

80. The program storage device of claim 78 wherein said advertising data 
provided by said server computer to said customer depends upon a geographic location of 
said customer. 

81. The program storage device of claim 78 wherein said advertising data 
provided by said server computer to said customer depends upon a parameter related to 
said customer. 

82. The program storage device of claim 74 wherein said customer account 
statement data comprises amount due data and wherein said method further comprises the 
step of: 
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displaying an electronic payment activation area on said display screen. 

83. The program storage device of claim 82 wherein activating said electronic 
payment activation area activates an electronic payment process that may be used by said 
customer to pay said amount due. : . 
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Customer Account No. 123-456-789 

John R. Public 
1234 Street Drive 
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Feb. 24 reading: 
Jan. 24 reading: 
30-Day Billed Use: 
Current Charges: 



COMMONSTATE ELECTRIC COMPANY J 
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1025 



1035 



43210 
42786 
00424 
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Billing Date: 
Due Date: 



S46.64 
S43.21 
S43.21 
$48.64 

Feb. 28. 1999 
Mar. 12. 1999 



i 



..J2ixAPJ.1 = $4.6-64, 
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E-mail: service@cec.com 
Web Page: www.cec.com 
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Prev. Bill: $43.21 
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1055--- 543 Main Street 

Big City, State Zip Code 
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Phone: 1-800-555-1234 

J:mail:__,:.^ seryiQe ©cec.coni . .^"r^ 
Web Page: ; www.cec.com 

C Or click here'j 1150 
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Reg. $99. Now $59 ( Click here > 



1135 



1120 



Cut your electricity use up to 25%! 
Click here for details. 



J 



C . PAY ) C 



PRINT 



1 



Got the Winter Blues? 
Win a Hawaii Vacation for 
Two! 



( Click here 



1140 



1145 



1030 



1040 



100 



.<;ilHSTmiTP «?HPPT/RIII P ?fi\ 



wo 98/26386 



PCT/US97/23025 



12/12 



^1210 
Display 




SUBSTITUTE SHEET (RULE 26) 



INTERNATIONAL SEARCH REPORT 



Intern- al Application No 

PCT/US 97/23025 



.A. CLASSIFICATION OF SUBJECT MATTEH 

IPC 6 G07F19/00 G07F7/10 



According to Intsmattonal Patent Classification(IPC) or to both national classification and IPC * 



B. FIELDS SEARCHED 



Minimum documentation searched (classification systenn followed by classification symbols) 

IPC 6 G07F 



Documentation searched other than mini mum documentation to the extent that such documents are included In the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category * Citation of document, with indication, where appropriate, of the relevant passages 



Relevant to claim No. 



KOLLETZKI S: "Secure Internet banking 
with Privacy Enhanced Mail ~ A protocol 
for reliable exchange of secured order 
forms" 

COMPUTER NETWORKS AND ISDN SYSTEMS, 
vol. 14, no^ 28, November 1996, 
page 1891-1899 XP004014500 — 



1-83 



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



" Special categorres of cited documents : 

'A" document defining the general state of the art which is not 

considered to be of particular relevance 
'E" earlier document but published on or after the international 

filing date 

•L" document which may throw doubts on priority claim(s) or 
which IS oted to establish the publication date ol another 
citation or other special reason {as specified) 

'O" document referring to an oral disclosure, use, exhibition or 
other means 

P" document published prior to the international filing date but 
later than the priority date claimed 



T" later document published after the international tiling date 
or prionty date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevartce; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an Inventive step when the document is taken alone 

"Y" document of particular relevance; the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or mors other such docu- 
ments, such combination being obvious to a person skilled 
in the art. 

"A" document member of the same patent family 



Data of the actual completion of the international search 



23 March 1998 



Date ol mailing of the international search report 

02/04/1998 



Name and mailing address of the ISA 

European Patent Office, P.8. 5818 Patentlaan 2 
NL • 2280 HV Rijswiik 
Tel. (+31-70) 340-2040. Tx. 31 651 epo nl. 
Fax: (+31-70) 340-3016 



Authonzed officer 



Kirsten, K 



Form PCT/tSA/?iO /second she«I) ( Julv 1992) 



INTERNATIONAL SEARCH REPORT 



^.(Continuation) DOCUMENTS CONSIDERED TO BE RELEVANT 



Interm al Application No 

PCT/US 97/23025 



Category • 



Citation of document, with indicalioawhere appropriate, ol the relevant passages 

SIRBU M ET AL: "NETBILL: AN INTERNET 
COMMERCE SYSTEM OPTIMIZED FOR NETWORK 
DELIVERED SERVICES" 

DIGEST-OF PAPERS OF THE COMPUTER SOCIETY 
COMPUTER CONFERENCE (SPRING) COMP,CON 
TECHNOLOGIES FOR THE INFORMATION 
SUPERHIGHWAY SAN FRANCISCO, MAR 5-9 
1995, 

no. CONF. 40, 5 March 1995/ INSTITUTE OF 
ELECTRICAL AND ELECTRONICS ENGINEERS 
pages 20-25, XP000577034 
see figure 3 

"APPLY YOUR MARKETING TALENT TO PROMOTE 
ON-LINE BANKING" 
BANK MARKETING, 

1 May 1996, 
pages 25-30, XP000579413 
see page 28 

US 5 465 206 A (HILT JAMES J ET AL) 7 

November 1995 

cited, in the application 

see claim 1; figure 4 

EP 0 328 232 A (FISCHER ADDISON M) 16 

August 1989 

see claim 1; figure 2 

US 5 557 518 A (ROSEN SHOLOM S) 17 

September 1996 

see claim 1; figure 2 

US 5 193 055 A (BROWN GORDON T ET AL) 9 
March 1993 

see claim 1; figure 1 



Relevant to claim No. 

1-83 



1-83 



1-83 



1-83 



1-83 



1-83 



Foim PCT/ISA/2tO (continuation ot second sheol) (July 1 992) 



INTERNATIONAL SEARCH REPORT 

Imormatlon on patent family members 



Internt 3I Application No 

PCT/US 97/23025 



Patent document 
cited in search report 


Publication 
date 


Patent family . . 
member(s) 


Publication 
date 



AU 8098494 A 

BR 9407964 A 

CA 2175473 A 

CA 2175476 A 

EP 0727072 A 

HU 74351 A 

JP 9504634 T 



LT 
LV 
NO 
NZ 
PL 



96060 A,B 
11648 B 
961707 A 
275027 A 
314309. A 



WO 9512859 A 



23- 05-95 
03-12-96 
11-05-95 
11-05-95 
21-08-96 
30-12-96 
06-05-97 
27-01-97 
20-08-97 
25-06-96 

24- 04-97 
02-09-96 
11-05-95 



EP 


0328232 


A 


15-08-89 


US 


4868877 A 


19-09-89 










AT 


122190 T 


15-05-95 










AU 


2512488 A 


07-09-89 










CA 


1331213 A 


02-08-94 










DE 


68922422 D 


08-06-95 










DE 


68922422 T 


07-09-95 










ES 


2071651 T 


01-07-95 










US 


5005200 A 


02-04-91 










US 


5214702 A 


25-05-93 


US 


5557518 


A 


17-Q9-96 :;- 


:r AU 


~ 2 105895 ~A~--'' 


"29-11-95 ' 










BR 


9507107 A 


09-09-97 










CA 


2184380 A 


09-11-95 










CZ 


9602513 A 


15-10-97 










EP 


0758474 A 


19-02-97 










FI 


964032 A 


08-10-96 










HU 


76463 A 


29-09-97 










JP 


9511350 T 


11-11-97 










NO 


964538 A 


05-12-96 










PL 


317026 A 


03-03-97 










SI 


9520039 A 


30-06-97 










SK 


117696 A 


08-10-97 










uo 


9530211 A 


09-11-95 










US 


5642419 A 


24-06-97 










US 


5621797 A 


15-04-97 



Form PCT/lSA^tO (patent family annex) (July 1992) 



INTERNATIONAL SEARCH REPORT 

Inioftnatlon on patent family members 



Interna il Application No 

PCT/US 97/23025 



Patent document 
cited in search report 



Publication 
date 



Patent family 
niembef{s) 



Publication 
date 



US 5557518 A 
US 5193055 A 



09-03-93 



US 5703949 A 
NONE 



30-12-97 



PCT/lSA/210 {patent (amily annex) (Jufy t992) 



wo 98.f2453a6 



1/12 




I ca Gxrvi rre c?u3= err / oi ii cr •sfi'S 



2/12 




SUBSTITUTE SHEET (RULE 26) 



wo pa'^s^isfi 



3/12 



350 



Bank- 
ID 


Bank 
Public 
Key 


CA 
Digilal 
Signal u/$ 


Ceniflcajicfi 
Authority 
Affiliairoin 


> > ) ^ - 

300 305 310 . 315 





ID 


Cu$tc>iner 
Public 
Key 


. Bank 
Digila! 
Signalure 


. flank 
ID 


Public 


Digital 
Signalure 


Certificalion 
Auihofity 


) 

400 


405 


) 

410 


4?5 


V" 

420 


) 

425 










[E! ... 






^550 


Bdler 
ID 


Bilfer 

Public 
Key 


Bank 
Digital 
Signature 


Barjk 
ID 


Bank 
K6y 


CA 
DigiSal 
Sigra(ijr$ 


Ceniffcation 
AyJhKJrily 
Affiliation 


500 


\ 

505 


> 

510 


) 

S15 


) 

520 


525 


) 

530 



substitutt: ?;wEErmtii F 2S> 



TCriV5V7f2i025 



4/12 



CA R&cewes CenilicaJbn 
Applicafioji fromBan^? 



6C0 



CA Reviews Bank's 
Qualifications 



605- 





620 





r 




CA Sends Bani:BIUir4g 
System Software 


--625 








CA ReaufistsPubiicKey 
from Beak 






\ 




Bank Generates Public 
and Prh'dX$ Keys 






f 




Sanlf Sends Public 
K$ytoCA 


-•640 






. 1 



1 


r 




Bank's Appficafion 




flej&cierf 



615 



1 


f 






C A Stores Bank ID and 
Public Key in Directory 






f 






CA Assembles Bank 
CerJiJfcate 






r 






CA Delivers Bank Certificate 
to B^ank by S&cure Means 


--ess 



SUBSTITUTE SHEET (FlULE 26) 



wo )W2G31MS 



PCT/US97/J3aSS 



5/12 



CB Rewwes Certific^tbn 
AppGcalionffom&C 



CB Reviews 8/C's 
Oualifroatbns 



70S' 




fi/ClD.';-"-— - 



720. 



CB Sends B/CBfllin^ 



725 



CS Reqif e-sis Public Key 
fromB/C 



730 



B'C G6fi$raJeB Pubfjc 
ar>tf PrwafB Keys 



735 



8/C Sends Public 
KeytoCB 



— 740 



1 


f 




B/C's .^plicafion 




Rejected 



7t5 





r 


CB Transmits &«'C IDa/id 
Public Key 10 C A 




f 


CASlofes B/CIDan-a' 
Public Key m Index Fila 


^ 




CBAssernbfesB/C 
Certificate 






CBDelivera&^C 
Certiflcais lo B/C 



•750 



75F- 



7&D 



RilRRTITllTF RHFPT fRULE 261 



W09S/263M 



PCT/US!?7.'53to5 



Custcmsf Appfies for 
Certificate ffOJH Cortificaled 
Bank 



I 



Customer Rficeivfi$ 
Cerdflcate frorri Ce^jittate'tf 
bank 



772 



Cuslomer Ideniifies 
a Prospecifve BiJIer 



-774 



Cusiomer Ir^we^ Whether 
SllJer IS Fa?Jicipant 



776 



6/12 




Elficl^onicS^teirients 
r^ol Availably 



7S0 



Custome 
Biller E-m 


sr Ob^ins 
ail A{^drd8s 
_ 1 






Customer Serds Dig. Signed 

ElectranicSJateTnenl 
Acdyafion Request 1o Biller 


> 


^784 



Biflsr Airfhenticaies 
Cusiomer Request 




790 









, ^7S& 


Biller Sends C'JSlomcr 


Error Message 



Siller Updates CL<stoiner 
Dala Base 



752 



Bifler Starts Electronic 
Slatemeni Service 



SUBSTITUTE SHEET (RULE 2B) 



W0 5&^ei386 



7/12 



Reqiresl 
forS$[Vic« 



T 



Customer 
Signature 



753 



Customer 
Certificate 



T 

797 



I 

799 



J 




^ Hi 












( 


854 
) 


S56 


858 

\ ^ ^ 


SummaiY 
Bill Data 


Biiler's 
Dfgi^l 
Signature 


Siller's 


SessJors 
Key 



650 



Encrvpied with Session Key 



Encrypied 
with Customer's 
PgbJic Key 



IFtfiTITlJTP c^HppT-fnuLe 2A\ 



Biflrng Date Occurs 



I 



Bfller (?erierat6$ 
Summarj'and Del&W&S 
Bil/inq Datd. 



Bilei Oblains 
Cuslomer^s Public Key 
ajid E-maif Address 



BrllerSeritfs Cuslomer 
Aufh. E-mail We^sage 
Ind. Summajy Dala 



i 



Customer Sofhvare 
E-mglf Message 



Customer Views 
Authenticated 
E-mail Message 



BilJer ReceiveB 
Delfvery Cod&malon 




8/12 




Customer Sofcvs re 
Se/ids Request 10 
Bilfer's D&lafI Server 



BiJIer Authenticates 
CL'stomer Request 



812 



Bill er Retrieves Detaif 



I 



813 



Si er Retrieves 
Appropriate DeJail 
Form 



BillerEriters Defarl 
Data in Form 



8111 er Returns Dfilail 
Form as HTML Dec 
to Customer 



Cusforr^erSottrtare 
Au1tienj>:aies and 
Dispfays Detaif 
HTM L EDocurnem 

i 




Customer Sofjwar$ 
Accesses Advertiser's 
Web Page 




Bill DePivery 
Corr^jleied 



82^ 



InitBie Electron io 
BiJI Pay Prcce^s 



.... ■■ h« 



SUBSTtTUTE SHEET (RULE 26) 



wo 5>S/i63Sfl 



'900 



BilJer AsseoiWe^ 
Body ofE-mail . 
. Mfissaga 



Siller Processes 
Message tD Ob]^( 



Birie^ EncrypJs Message 
Di-gesl Using 
Bil3&f'8 Pitvale Kev 



Bfller/^'perids 
EnwypfeiJ M$$-s&^|e 
Digest bMes^agd 



920 



BillerAp'pends Bilfec 
Certif-k;ale to Message 



922 



Bilfer Generates 
Session Key 



Bill«r ETicr)'p1s 
Message LiBing 
Sessfon Key 



T 



926 



Bi<ler Encrypts Session 
KeyUsrnaCustamer's 
Public Key 



T 



923 



Siflei" Serifs C-usiomer 
Me3S^.ge Via E-mafI 



7 



Ciisiomer Compiler 
E-mail Wass^gB 



9/12 

: c 



932 



CL'stomer SoJlwa^e Deor^'pis 
Session Key Usino Custonier's 
Private i?ey 



Customer SoJtv.^:© Decrials 
Message Using Session Key 



r936 



Cusjomer Softrt'are Decrypts 
CA DigftalSionatufe Using 
CA Public Key 



4 <'m 



Cus!om<»r Software Derives 
Mes^nge Dfg&slofCBID 
aod Pubtfc Key 



Customer Software Cofj'jpaf &$ 
Derived Message digest to 
. , ..CAOigifalS'^fiatui-e 




Customer Suftvrare Sends 
Error ty1essag*(oBiller 



956 



Customer So^\*2re Decrvpls 
Siller's Oi^itai Signsture Using 
Bill er's Public Koy 



I 



Custor?'i6j Softsvare Prowsses 
Message (o Obtain Me$$9gd 
Digest 



T 



•961} 



Customer Sofr,vaje Compares 
M.D. to Bille/'s Dtgiial SJgnst'J/e 



Cusiomef Soflvrfare Decrvpts 
CBDigitSilSignaliire U$ing 
CB Pubfio Key 



I 



Customer &oftv/are De/ives 
Message Diqesf of Bills? 
IDandPufc^itKey 



Cystorrrer Saftwa/e Coi-npares 
Derived Message Digest to 
CB Digital Sigrtaiure 




Cusiomer Sofh^'are Sends 
Error Message to Bfller 




964 



Customer SofrA'are 
Displa\'s Message 
to Cuslome; 



X 



966 



Customer Sofiwar& 
Sends-Errdr Message 
10 Bflfer 



«||RKTITHTF RHPPT/RULE 28^ 



L 



1CO0 



f005 



Cusjoirier .Account No. ^23-45e-789 



commonstateIlectric company 

+ Mn ICC tnr^ 



John Public 
1234 Street Drive 
Cit/. SJaJe Zip Code 

Eleclridiy Used; 

Feb. 24 readmg; 
Jar^ 24 reading: 
fUse: 



1015 



1025 



mi 



43211} 
42786 
00424 



Cuf/ent Charges: 
) 

\ 424 x $0.1 1 ;= .$46.54 

1045 



DETAILS ^ PAY 



Ke\v Charges.' S4664 

Prev.Bill: 34321 

. PaymenJ: S43.&1 

Amoufif Due: $4$ 64 

Billing Dale: feb, fB.iggg 

„ ^ ■ Du$L)ate: Ma;. 12, 1999 
vssnd Paj-meni to: 

Comrrionstaie Eleclrlc Company 
543 Mam Slieel 

Big Ci(y. Stale Zip Cck^s ^ ^055 

.:_._gi^l«n?.._CQQtacS CustomerServJca 
fhone: t -800-555- 1234 
. Jil- sefvlce@cec.com 



1060 




praivr 




SPEClALOFFERf^ 
Saye 50 % on Ai rfaresy 



J 



1050 



SUBSTfTUTE SHEET (RULE 26) 



This Page is Inserted by IFW Indexing and Scanning 
Operations and is not part of the Official Record 

BEST AVAILABLE IMAGES 

Defective images within this document are accurate representations of the original 
documents submitted by the applicant. 

Defects in the images include but are not limited to the items checked: 

^^LACK BORDERS 

□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 
FADED TEXT OR DRAWING 

□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

XY SCALE DOCUMENTS 
IS OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER; 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



This page 



